Week 13, 2023

In case you haven’t noticed, we’re big into remediation at the moment. On the back of a flurry of new action options, we’re now introducing new features to make it easy to operationalize our new remediation features.

🔁 Stay Updated On Oort Remediation Status

Over the past month, we’ve been busy releasing new actions to help remediate identity security issues. You can now

  • Kill all user sessions (log out user)

  • Quarantine Users

  • Reset MFA

  • Open ticket

  • Refresh user data

With this release, we’ve introduced a small and mighty button that enables you to hit “refresh” and check the latest on that remediation status. You can see the flow of this in the GIF below. Once you hit the refresh button, the user page will reload and you will see the latest status for the remediation you’ve just triggered.

🔐 Map IAM Groups to Admin Roles in Oort

With more remediation options, we’re seeing more roles becoming involved with organizations’ Identity Security programs. For example, you can reset all MFA factors for Okta and Duo from within the User 360 profile itself. Simply go to “Actions” and select “Reset MFA”. Because this responsibility often sits with the IT help desk, Oort has a dedicated RBAC role for the IT help desk, enabling them to take action without changing settings in Oort.

There are three roles: admin, helpdesk, and read-only. Now, from within Tenant Settings, you can define these RBAC groups. You can either name them based on existing Okta groups from the drop-down, or you can define them based on a group not displayed in the list. Mapping your IdP group permissions to Oort RBAC keeps everything nice and consistent!

🏷️ Enrich IP Addresses with Okta and Azure AD Intel

In the remote working world, employees log in from a large number of IP addresses every day. It can be hard to filter through this noise and understand which of these are risky. To better understand this, we already enrich IP addresses with information from IPInfo.

With this week’s release, we’re also tagging these IP addresses with information from Azure AD and Okta. Both Azure AD (Risky Users) and Okta (Threat Insights) have useful context on IP addresses that can help during an investigation. By exposing this and correlating it with other sources, we help you to focus on the risks that matter most.

Bug Fixes and Minor Improvements

  • Share Dashboard. A “Share” button has been added to the dashboard so you can easily share these insights with your peers.

Last updated